Tuesday Tip: How to Update Phone Software and Become Harder and More Expensive to Hack

Not sure why you should update? Update your software for mobile phone security.

“Keep your software updated!” is the closest thing we have to mobile phone security advice that will work for everyone. But the reasoning behind it can be counter-intuitive, and even quick updates can feel inconvenient, slow down our devices, or intolerably interrupt people’s workflows.

No software is perfect. Programmers make mistakes, best practices get updated, and security problems are discovered over time.
Sometimes, amateur or professional security researchers, academics, or employees at the company itself discover such problems, and report them back to the developers to get fixed. When that’s the case, the company can release phone software updates (also known as “patches”) to correct the problem. If you update your phone software as soon as that pesky “Update!” notification pops up, you are staying current with the best available protections—you’ll no longer be a “target of opportunity” for cheap attacks that try to catch people running out-of-date software.

But what happens if you don’t update your software immediately? Once a company releases a security update to fix a bug, the bug is somewhat “old news.” It may be commonly known and understood in the security research community, or, over time, people will be able to reverse-engineer the security update to figure out the details of the bug. These bugs are easy to learn about and cheap—or free—to buy exploits for. They are often used in broad phishing and malware schemes to target people who have devices with out-of-date software on them.

“But the update might break my software or include new features that I don’t like!”
This is a valid concern. Although it’s a best practice to separate security updates from updates that include new features and other changes, not all vendors and companies do so consistently.

However, if your software needs a security update, it is already broken. A problem has been found, and the update is there to address it. Updating takes you from software that is definitely broken to software that has a lower likelihood of breaking.
By keeping your software up to date at all times, you’re staying on top of your mobile phone security one step ahead of all but the most advanced threats.

Not sure how to update your phone or where to find the update features?
To update your iPhone: this is found under your iPhone’s home screen, and tap the Settings app > General > Software Update. Then, tap Download, and tap Install.

To update your apps on your iPhone: Go to your iPhone’s home screen and tap the App Store app. Then, tap the Updates icon at the bottom of the screen. Tap the Update All button.

To update your Android device: this is often found under your Settings app > About Device > System Updates > Check for Update. Next, tap Download, then tap Install.

To automatically update your apps on your Android device: Go to your Android’s home screen, and open the Google Play Store app. Tap Menu > Settings > Auto-update apps. Then, choose to Auto update apps at any time.

Our favorite signs from the 2018 March for Science

Across the globe, advocates and activists turned out on April 14 for the 2018 March for Science to hold lawmakers accountable and advocate for better science-based policies.

CREDO staff and our members were on hand for the rally held in Oakland – one of approximately 230 events held around the world – and we were so impressed by the creativity of the signs people carried during the march.

Here are some of our favorite signs from the 2018 Bay Area March for Science:














5 cool features of Android Oreo

Sweet news. We’re now rolling out the new Oreo operating system to our Android phones. Technically known as Android 8.0, Oreo is aimed at improving the speed and efficiency of your phone.

Oreo has many cool new features. Here are five of our favorites.

Picture in picture
Oreo’s new picture-in-picture mode lets you minimize videos while you’re multitasking. So if you’re watching a YouTube video or you’re on a Duo video call, you can quickly minimize the video to a corner of your display and continue with other tasks simultaneously. It’s easy to do. Just tap the Home button while the video is playing and Oreo will shrink it to a small rectangular screen within your display. Tap that screen and you get options to close the video, return to full-screen mode or access playback controls. You can also drag the screen to another corner of your display.

Faster app shortcuts
Long-press on an app icon and shortcuts to various app functions will appear in a window, so you can jump right into the action you want to take. For example, long press your Twitter icon and you can tap directly to search, post a tweet or send a DM. Long press your Gmail icon and you can tap to immediately compose an email. Long pressing an app icon is also the quickest way to access the App Info page for an app or add a widget.

Google Play Protect
Google does a very good job of vetting the apps in its Google Play Store but it can’t catch every malicious app, so bad actors do, on occasion, make their way to the Play Store. Google Play Protect adds a new layer of security to prevent malicious apps from making the leap to your device. It automatically scans all apps for malware before and after you install them and sends you a notification if it detects something suspicious.

Background Execution Limits
A lot of apps tend to run wild in the background and drain power from your battery even when you’re not using them. Oreo’s new Background Execution Limits restrict the actions that apps can perform in the background to extend your battery life, potentially by hours. You can also now place restrictions on data usage by individual apps. Here’s how. First, access the App Info screen for the app you’d like to restrict by long pressing the icon and tapping App Info; or by going to Settings then Apps & Notifications; or by dragging the app icon up to App Info on the home screen or in the drawer. Once you’re at App Info, tap Data Usage, then toggle off Background Data.

Smart Text Selection
Let’s say you’re reading an email and you want to copy an address from the email and paste it into Google Maps to see the location. Actions like this have always been a bit cumbersome and tricky. But Oreo’s Smart Text Selection makes it simple by recognizing the nature of the text as soon as you select it. So if you select an address, Oreo will instantly surface an icon for Google Maps, with the address already inserted into the search field. Select a phone number and you get a shortcut to the dialer, with the number ready to tap and call.

Now that the Oreo update is here, maybe it’s time to upgrade your phone. You can shop for all our Android phones at the CREDO Store.

Victory: Trump’s Interior Department drops plan to hike fees at national parks


Great news! Thanks to the more than 85,000 CREDO members who submitted public comments, Trump’s Interior Department backed off its proposal to drastically raise entrance fees at some of our country’s most iconic national parks.

If these rate hikes had gone through, it would have prevented many people from enjoying these national treasures and would have hurt local economies. America’s national parks are meant for everyone, not just the people who can afford them.

But thanks in part to the activism of CREDO members, more visitors will be able to enjoy our country’s precious national parks.

Tuesday Tip: How to Encrypt a Phone, Or, How I Learned to Stop Worrying About a Stranger Accessing My Data

How to Encrypt a Phone | CREDO Mobile

How to Protect Your Data by Encrypting Your Phone

Losing your phone is the worst: you aren’t just out of a phone—you also have to worry about a stranger having access to all your photos, banking apps, messages, contacts, emails, social media posts, and… yikes.

Luckily, there are two big things you can do to protect your data and prevent someone with physical access to your phone from seeing what’s inside!

1) Set a password, and

2) Encrypt your phone.

Password-protecting and encrypting your device is a powerful combination: encryption scrambles the data on your phone into gibberish, which can then only be meaningfully decrypted (unscrambled and read) by someone who knows the password.

The steps for setting a password and for how to encrypt a phone differ for iPhones and for Android.

You can access Apple’s encryption guide here.

How to Encrypt a Phone and Set a Password

To set a password and encrypt iPhones running iOS 9 through iOS 11: Open the Settings app. Then, tap Touch ID & Passcode. Follow the prompts to create a passcode.

Good news for iPhone users: your phone is already encrypted by default, so you don’t have to do the second step—you just have to set a password to protect your data from unwanted physical access. We recommend using a unique password (something you don’t use anywhere else), rather than a thumbprint.

Looking for more safety tips? Check out the full guide from Surveillance Self-Defense: https://ssd.eff.org/en/module/how-encrypt-your-iphone

To set a password and encrypt an Android phone: On Android devices, setting a password and learning how to encrypt a phone can be distinct processes—turning on password protection doesn’t mean that your phone’s data is encrypted. Be mindful to look up what options your phone has available, and whether your phone is already encrypted.

Caution: if your phone is not encrypted by default, you will want to back up your phone data to your computer beforehand and set aside time for it to encrypt and restart.

Setting a password on an Android phone: Open Settings. Go to Security. Under Security, look for Screen lock. Select a password option—try setting a password that you can memorize, and that you don’t use anywhere else.

Looking for advice on what makes a strong password? Read EFF’s tips in Surveillance Self-Defense https://ssd.eff.org/en/module/creating-strong-passwords

If your Android phone is not encrypted by default: Open Settings. Go to Security, then Encrypt Device. Alternatively, you might find encryption settings by opening Storage, then, Lockscreen and security. The option for encrypting your device may be under Other security settings.

Soraya Okuda is the education and design lead at the Electronic Frontier Foundation (EFF). EFF was founded in 1990 to protect the rights of technology users, a mission that expands as the digital world evolves. They provide leadership on cutting-edge issues of free expression, privacy, and human rights. CREDO and EFF have been long-time partners in the fight for privacy and civil liberties, and CREDO members have voted to donate over $323,000 to the organization since 2007.

CREDO is Fighting Trump’s Dangerous Tax Scam

CREDO is Fighting Trump’s Dangerous Tax Scam

Paying taxes is an American duty and important part of participating in civil society. Our taxes fund public education, Social Security and Medicare, infrastructure, and public safety.

But this Tax Day, let’s not forget that Donald Trump’s $1.5 trillion Tax Scam was a massive giveaway designed to benefit billionaire Republican donors, Wall Street bankers and the ultra-rich – while putting our social safety net at risk.

While the media remains distracted with Trump’s early morning, Fox News–inspired tweets, congressional Republicans are moving forward a dangerous agenda to slash Social Security, Medicare, Medicaid and the Affordable Care Act.

Here are some of the ways the Trump Tax Scam is hurting America:

  • According to the nonpartisan Congressional Budget Office, the Trump Tax Scam could wipe away health care coverage for 13 million people with its sabotage of the Affordable Care Act protections keeping healthy people in insurance markets.
  • Multinational corporations are receiving a massive tax handout despite sitting on billions in offshore profits while Americans lose health care coverage. Poor and middle-income Americans are getting pocket change while the super-rich pocket big money.
  • Immediately after Trump signed his scam into law, Paul Ryan and Trump’s lapdogs in Congress called for cuts to earned benefits like Social Security and Medicare that tens of millions of people rely upon.


But CREDO and our members are fighting back.

We’re demanding that Congress stop Republicans from gutting our earned benefits. More than 200,000 CREDO members have added their names – and you can sign the petition here to join them. CREDO is also proud to be the official livestream partner of the 2018 Tax March in Washington.

And our customers, by using CREDO products, are helping to fund progressive groups like Social Security Works, People’s Action and the Economic Policy Institute who are organizing on the ground and fighting on the front lines to protect Social Security, Medicare and other critical earned benefits programs.

Three decades of protecting our environment and standing up for renewable energy

For more than 30 years, CREDO members have played a major role in some of the biggest progressive accomplishments in our country’s recent history, and we’re especially proud of our members’ activism and victories to protect the environment, slow runaway climate change and advance the adoption of clean energy.

Millions of CREDO activists have taken action for climate justice over the years – and we’ve won some amazing victories. Here’s just a small sample of some of our members’ recent accomplishments:

Tuesday Tip: How to Take Great Food Photos With Your Phone

How to take great food photos with your phone

When you sit down to a nice meal, which do you pick up first, your fork or your phone? Join the club. We’re all snapping pictures of our plates before we start eating. Well, a lot of us anyway. A study last year showed a whopping 69 percent of millennials photograph their food and put it on social media before they put it in their mouth.

Of course, like your selfies, you want your foodstagrams to look amazing and make the internet think you’re a total superhero – especially if you cooked the food yourself.

Here are a few tips for taking excellent photos of your fare.

Use natural light

The flash on your phone will do no favors for your food shots. The light is harsh, it casts odd shadows and makes the food look cold. The best light for food boasting is natural light. If you’re at home and it’s overcast, take your creation outside or next to a window. If the sun is shining, consider hanging a white sheet to filter the light. If you’re at a restaurant and the light is dim, turn off your flash and prop your phone against a glass to hold it steady.

Try the flashlight feature

If you’re in a restaurant with muted light, borrow a friend’s phone and use that phone’s flashlight feature. If the light looks too harsh, hold up a napkin to diffuse it. If you need more light, you can use a white napkin or a white menu to reflect light onto the food.

Change the exposure

If you have a relatively new smartphone, you can control the phone’s exposure. When you open your camera and focus manually by tapping on the screen, you’ll see a sun icon appear. Press and hold the sun and slide your finger up and down to control the level of light in your photo.

Play with depth of field

Experiment with different angles to create depth of field, which will make your food photos look more interesting, even cornucopian. Try 45 degrees or even eye level. Overhead shots can also be good, depending on the dish.

Focus on the food

Lean in close to fill the frame and evoke a feel of intimacy and abundance. Tighter images tend to look better on social media.

On the other hand, if you’re in an artsy mood and the table is not cluttered with crumbs and spills, try creating negative space (empty space) around the food to draw  attention to it and evoke interest.

Introduce props

Food should be the star of your shot, but props can tell a nice story. A napkin, utensils, the little stone bowl of wood-smoked sea salt (yes, that’s a thing) – used imaginatively, they can create atmosphere and bring a moment to life.

Get on the grid

Photographers work with the “rule of thirds.” Imagine a grid of four lines superimposed on your phone display, dividing it into tic-tac-toe thirds. On most new phones, you don’t have to imagine the grid – you can go into settings and display a grid on your screen. Then place your focus at a point where the lines intersect. You’ll get more interesting photos this way.

Edit after you shoot

Hey, we all edit our selfies, right? (Right?) So why not edit your food photos with a little postproduction? No one will ever know. If your smartphone is a recent model, it likely has editing features built in. Or try one of Instagram’s editing tools to adjust contrast, saturation, brightness, warmth – all sorts of variables. But don’t overdo it or the food in your photo will look about as edible as something from a laminated menu. (Watch for our upcoming post on how to edit your phone photos.)

Practice makes perfect

The secret to taking great photos is taking a lot of photos. Take 25 pictures, and at least one should turn out OK.

We hope this advice helps you create more epic food selfies for your social media pages.

SOLAR XL: Resisting Keystone XL by Building Clean Energy in the Pipeline’s Path


TransCanada’s proposed Keystone XL pipeline would carry 830,000 barrels per day of dirty tarsands from Canada through hundreds of American homes, farms and ranches. It would cross the delicate Sandhills in Nebraska and put the critical Ogallala Aquifer and sacred Indigenous sites like the Ponca Trail of Tears at risk. Farmers, ranchers and indigenous Nations are fighting with everything they have to protect the land and their communities from eminent domain for private gain.

We refuse to allow the Keystone XL to put our land and water at risk. We already have the solutions we need, which is why we’re building solar panels directly in the path of the proposed Keystone XL pipeline. The solar panels are being connected to Nebraska’s power grid, generating clean, renewable energy for the state – as opposed to a risky pipeline that would provide little benefit to Nebraskans. If Keystone XL is approved, TransCanada would have to tear down clean and locally produced energy to make way for its dirty tarsands pipeline.

The SOLAR XL project is organized by Bold Nebraska, with support from partners including 350.org, Indigenous Environmental Network, Oil Change International and CREDO (P.S. Thank you!)

Solar XL: Building solar in the path of Keystone XL

Bold Nebraska and farming families are crowdfunding to build solar directly in the path of the Keystone XL pipeline.
Donate now==> bit.ly/solarxl

Posted by Bold Nebraska on Tuesday, November 28, 2017

Tuesday Tip: How to Change Your Facebook Settings After the Cambridge Analytica News

Tuesday Tip: How to Change Your Facebook Settings After the Cambridge Analytica News


This is the first part of a special three part series on digital security by the Electronic Frontier Foundation. 

You shouldn’t have to do this. You shouldn’t have to wade through complicated privacy settings in order to ensure that the companies with which you’ve entrusted your personal information are making reasonable, legal efforts to protect it. But Facebook has allowed third parties to violate user privacy on an unprecedented scale, and while legislators and regulators scramble to understand the implications and put limits in place, users are left with the responsibility to make sure their profiles are properly configured.

It recently became clear that Cambridge Analytica, a data analytics company, got access to more than 50 million Facebook users’ data in 2014. The data was overwhelmingly collected, shared and stored without user consent. The scale of this violation of user privacy reflects how Facebook’s terms of service and API were structured at the time. Make no mistake: This was not a data breach. This was exactly how Facebook’s infrastructure was designed to work.

In addition to raising questions about Facebook’s role in the 2016 presidential election, this news is a reminder of the inevitable privacy risks that users face when their personal information is captured, analyzed, indefinitely stored and shared by a constellation of data brokers, marketers and social media companies.

Tech companies can and should do more to protect users, including giving users far more control over what data is collected and how that data is used. That starts with meaningful transparency and allowing truly independent researchers – with no bottom line or corporate interest – access to work with, black-box test and audit their systems.

Finally, users need to be able to leave when a platform isn’t serving them – and take their data with them when they do.

Of course, you could choose to leave Facebook entirely, but for many that is not a viable solution. For now, if you’d like keep your data from going through Facebook’s API, you can take control of your privacy settings. Keep in mind that this disables ALL platform apps (like Farmville, Twitter or Instagram) and you will not be able to log into sites using your Facebook login.

Log into Facebook and visit the App Settings page (or go there manually via the Settings Menu > Apps ).

From there, click the “Edit” button under “Apps, Websites and Plugins.” Click “Turn Off.”

Gennie Gebhart is a researcher at the Electronic Frontier Foundation (EFF). EFF was founded in 1990 to protect the rights of technology users, a mission that expands as the digital world evolves. They provide leadership on cutting-edge issues of free expression, privacy, and human rights. CREDO and EFF have been long-time partners in the fight for privacy and civil liberties, and CREDO members have voted to donate over $323,000 to the organization since 2007. This piece originally appeared in EFF’s Deeplinks blog